﻿using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Mvc;
using System.Web.Routing;

namespace MvcTestApp.Utility
{
    public class CustomAuthorizeAttribute : AuthorizeAttribute
    {
        public override void OnAuthorization(AuthorizationContext filterContext)
        {
            RouteData routeData = filterContext.RouteData;

            // check if user is allowed on this page
            if (SessionCache.CurrentUser != null )
            {
                String user = SessionCache.CurrentUser;
                string thisArea = routeData.DataTokens["area"].ToString();

                // if the user doesn't have access to this area
                //if (!user.IsInRole(thisArea))
                //{
                //    HandleUnauthorizedRequest(filterContext);
                //}
                filterContext.RequestContext.HttpContext.Response.Redirect("/access-denied");
            }
            base.OnAuthorization(filterContext);
        }
    }
}